Pan-industry JIP assesses cyber security risks

Offshore staff

HOVIK, Norway – Platform operators need confidence that countermeasures can deal with bigger and more sophisticated cyber-attacks, claims DNV GL.

It says that cyber security is a growing issue in the oil and gas industry as critical network segments in production sites, which used to be kept isolated, are now connected to networks.

The general trend is toward remote operations, remote maintenance, and tighter inter-operability with centralized process data and plant information. Old and outdated installations are therefore at particular risk and require risk mitigation actions.

Rune Wærstad, control and automation engineer at Shell, said: “We see that cyber-security incidents are increasing with attempted attacks on a daily basis. By collaborating with others in the industry, we can ensure that we end up with one globally applicable regulation that is suitable for the oil and gas sector.”

DNV GL has established a joint industry project (JIP) with Shell, Statoil, Lundin, Siemens, Honeywell, ABB, Emerson, and Kongsberg Maritime. In addition, the Norwegian Petroleum Safety Authority will take part as an observer.

The JIP will produce a guideline for protecting oil and gas installations against cyber-security threats, using the IEC 62443 standard but tailored to oil and gas industry needs.

Goals of the JIP are:                   

  • Reduced risk of cyber-security incidents
  • Cost-savings for operators by reducing the resources needed to define requirements and follow up
  • Cost-savings for contractors and vendors based on identical requirements from operators
  • Simplified audits for authorities and auditors due to common requirements and common conformance claims.

Pål Børre Kristoffersen, principal consultant, DNV GL – Oil & Gas, said: “Attacks are becoming increasingly costly and harder for companies to recover from. This JIP will lower the risk of cyber-security incidents and trim costs for operators, contractors, and vendors by reducing the resources needed to define requirements and by driving a standardized approach.”

The JIP should deliver a recommended practice for industrial automation and control systems within 12 months. Currently DNV GL is assisting Total E&P Norge with cyber-security risk management for the Martin Linge field development and associated operations offshore Norway.

DNV GL’s scope of work includes day-to-day management and coordination of cyber security during the project phase, with a specific focus on integrated control and safety systems.


Share your news with Offshore at

Did You Like this Article? Get All the Energy Industry News Delivered to Your Inbox

Subscribe to an email newsletter today at no cost and receive the latest news and information.

 Subscribe Now


Making DDoS Mitigation Part of Your Incident Response Plan: Critical Steps and Best Practices

Like a new virulent strain of flu, the impact of a distributed denial of service (DDoS) attack is...

The Multi-Tax Challenge of Managing Excise Tax and Sales Tax

To be able to accurately calculate multiple tax types, companies must be prepared to continually ...

Operational Analytics in the Power Industry

Cloud computing, smart grids, and other technologies are changing transmission and distribution. ...

Maximizing Operational Excellence

In a recent survey conducted by PennEnergy Research, 70% of surveyed energy industry professional...